New site at the top of my favorites list

You know, stupid security abounds. I just discovered this site today, and I plan to become a regular visitor — and probably a contributor, too! I encourage you to explore it and enjoy. Oh, some advice: it probably would be unwise to read an offline archived version of this site on an airplane. 🙂

Stupid Security: Exposing fake security since 2003

Comments (4)

  1. Steve Lamb says:

    It’s a great site – I love the one about forcing passengers to get off the bus between journeys for "security reasons" – best of all the exception that they’ll let people stay on if the weather’s bad!

  2. Steve Lamb says:

    My favourite is

    – it’s written by a help desk operator – well worth a read

  3. Tim says:

    A certain security company has suggested that we rename the Administrator account as one step to make our network more secure. Won’t this cause problems? I have never really heard of anyone doing this as a best practice. What are your thoughts?


  4. steriley says:

    Tim, yes that is a common recommendation, but in my (and others’) opinions it really doesn’t do much good. It’s an instance of "security by obscurity," the thinking that if you hide, then the bad guys won’t find you.

    Thing is, all local Administrator accounts have the same relative ID number: 500. Attack tools now target account 500 regardless of its name.

    The proper way to protect these accounts is to use a good strong password — or, better, a nice long pass *phrase*.